We welcome user feedback and feature requests!

Add ability to use API Key authentication

It would be nice to be able to protect API apps with a set of API Keys instead of requiring a user to manually log in. This would be especially helpful for backend APIs that don't require user authorization or are accessed primarily by other servers.

Would be great if this were implemented as stated by Mats. Though it isn't the most secure form of authentication it works very well for a lot of smaller web services. Being such a common authentication practice it should be able to be implemented with azure.

We still haven't decided whether this is something we want to add, given the security weaknesses of API keys. The main worry is folks abusing this feature by embedding API keys in their native client apps and having them discovered by malicious users.

Description:
As a user, I should be able to access an App Service by supplying an access token in the request, as an alternative to AAD credentials.

Purpose:
A lot of test tools for SOAP/REST/Web have weak or no support for AAD or oauth2 authentication.
Defining and including a predefined access token in each request would ease test and verification of app and web services.

The alternative is to turn all authentication off, which is not desirable.

This would work in the same way as for Visual Studio Team Services, A user can define a personal access token that allows the same access as an interactive login.

Access tokens can be managed in the app service authentication/authorization settings.

This feature would be extremely helpful for what I plan on doing with a web app that will let anonymous users retrieve read only data from my API, and not allow anything but the web app to call the API. I'll use social logins for client side authentication/authorization for users allowed to write data.